Government Solutions
Challenge
First installation of Cribl LogStream in a Federal environment. Architected a 40 TB/day ingest pipeline on AWS with heavy use of Agile/Scrum. More than 50 FTEs analyzing more than 1 trillion log events.
Solution
Implemented API-based data onboarding of cloud sources across agency lab sites into a Big Data Platform (BDP). Managed more than 50 FTEs across the entire engagement. Ingested and analyzed more than 100 billion log events.
Results: All lab sites were able to send data to a centralized location, giving headquarters an accurate depiction of the security landscape across the Enterprise.
Challenge
Set up and manage Splunk environments for three other Federal agencies within the Agency's Managed Security Service Provider (MSSP) environment.
Solution
Implemented the MSSP environment for 8+ agencies. Aggregated data from other tools and continuously monitored for threats, 24/7. Heavy use of agile reporting in JIRA and ServiceNow for operational efficiency. Over 55 FTEs.
Results: Effective Splunk Cloud infrastructure management, cloud migration of on-premise components, and data onboarding for terabytes of data.
Challenge
Provide SME support for Splunk customers within a large technology integrator's services offering.
Solution
Results: Built the technical capacity of the engineering team with new Splunk knowledge, skills, and abilities. The engineering team was able to monitor, track, assess, and report on new threats.
SUCCESS STORIES
Challenge
Transition from the old Splunk infrastructure to a new infrastructure. Implement "App as a Service" (AaaS).
Solution
Migrated the infrastructure in production. Led a team of 8 Splunk engineers on.
Results: Provided AaaS for more than 10K users while ensuring 24/7/365 uptime.
Challenge
Complete the first-ever government cloud to government cloud migration in Splunk's history, with a target of just 3 weeks.
Solution
Coordinated with Splunk Professional Services and put checks and balances in place, including a bucket-for-bucket verification of the data being migrated. Moved all data feeds. Set up TCP routing to double-feed the old stack and the new stack so both received identical data during the transition.
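As an added illustration of the double-feed step (this is not configuration from the engagement; hostnames, ports and group names are placeholders), the following Splunk forwarder outputs.conf clones every event to two indexer groups. Listing more than one group in defaultGroup is what makes the forwarder send each event to all of them rather than load-balancing between them.

```ini
# outputs.conf on each forwarder (added example; server names are placeholders).
# Two groups in defaultGroup = the forwarder clones every event to both groups,
# so the old stack and the new stack receive identical feeds during cutover.
[tcpout]
defaultGroup = old_stack, new_stack

[tcpout:old_stack]
server = old-idx1.example.gov:9997, old-idx2.example.gov:9997
# Indexer acknowledgement: the forwarder keeps an event until the
# indexer confirms it was written, which protects against silent loss.
useACK = true

[tcpout:new_stack]
server = new-idx1.example.gov:9997, new-idx2.example.gov:9997
useACK = true
# A Splunk Cloud target normally requires TLS and client certificates
# (sslCertPath, sslRootCAPath, sslPassword); the values depend on the target
# environment and are omitted here.
```

Two caveats a practitioner would want: with cloning, an unreachable group can back-pressure the forwarder's output queue and stall delivery to the healthy group as well, so both stacks need to be monitored during the overlap; and the bucket-for-bucket check is most easily driven from the search head with `| dbinspect index=*` run on each stack, comparing per-index bucket and event counts and earliest/latest times before the old feed is switched off.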
Results: Success. On-time. Within budget. We successfully migrated the production environment to the Splunk Cloud. One of the government technical leaders stated, “We are truly impressed with how fast CYBRILL completed this very, very complex project. And we are extremely grateful for everything they did from day one.”
Challenge
Provide SME leadership to address multiple technical and coding issues, and integrate threat intelligence feeds into Splunk Enterprise Security.
Solution
Performed advanced troubleshooting and data parsing across the environment. Correlated technical and coding issues with the customer's concerns. Cleaned up correlation searches. Customized monitoring. Implemented ingest actions to route each customer's data to its own index and to reduce Splunk license consumption.
Results: Moved the environment from red to green. Rectified the technical and coding issues, enabling the SOC to create a new set of correlation searches. Began the next phase of enhancing the cyber security environment.
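As an added example of per-customer index routing (not configuration from the engagement; sourcetype, customer tags and index names are placeholders), the same outcome expressed as hand-written props.conf/transforms.conf rules on the indexing tier rather than as an Ingest Actions ruleset. It routes each customer's events to its own index and drops one class of low-value events before indexing, which is the part that actually reduces license consumption.

```ini
# props.conf (added example; [syslog] is a placeholder sourcetype).
# Transforms run in the listed order; the drop rule goes first.
[syslog]
TRANSFORMS-route_by_customer = drop_debug_noise, route_customer_a, route_customer_b

# transforms.conf
# Events that carry level=DEBUG are sent to nullQueue and never indexed,
# so they do not count against the license.
[drop_debug_noise]
REGEX = \blevel=DEBUG\b
DEST_KEY = queue
FORMAT = nullQueue

# Rewrite the destination index from a customer tag in the raw event.
# SOURCE_KEY defaults to _raw, so REGEX is matched against the event text.
[route_customer_a]
REGEX = \bcustomer=agencyA\b
DEST_KEY = _MetaData:Index
FORMAT = agencya_main

[route_customer_b]
REGEX = \bcustomer=agencyB\b
DEST_KEY = _MetaData:Index
FORMAT = agencyb_main

# indexes.conf on the indexers: the target indexes must exist, otherwise
# routed events are discarded (or land in lastChanceIndex if that is set).
[agencya_main]
homePath   = $SPLUNK_DB/agencya_main/db
coldPath   = $SPLUNK_DB/agencya_main/colddb
thawedPath = $SPLUNK_DB/agencya_main/thaweddb

[agencyb_main]
homePath   = $SPLUNK_DB/agencyb_main/db
coldPath   = $SPLUNK_DB/agencyb_main/colddb
thawedPath = $SPLUNK_DB/agencyb_main/thaweddb
```

The security reason for the split is that a per-customer index is the unit Splunk roles restrict on: each customer's role can then be granted srchIndexesAllowed only for its own index, so one tenant's analysts cannot search another tenant's data. Routing alone does not change license usage; only events dropped to nullQueue (or otherwise not indexed) reduce it.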